Friday, May 30, 2008

Kees and Andy have a couple of great points that I want to reitterate

My friend Kees Leune makes a great point about the disappearing edge.

A couple of years back it would have been fine to throw up a firewall to protect your network. Attacks were mostly inbound in nature and could be dealt with in a straight forward manner.

The siege mentality could be used to defend your network. If I put up enough outward facing defenses (firewall, anti spam, virus scanners, etc..), I can protect my castle. What we run into today is that the attacks are drawing us out to them, our trade routes and water supplies have to be monitored and checked. The cross site scripting vulnerabilities that PayPal revealed that it had shows this very well. We trust PayPal with our money, but they still have vulnerabilities.

In todays network traffic needs to be monitored for anomalies. If you are not running an IRC chat or you employees are not supposed to be accessing IRC, monitor for that traffic. It may be legitimate, but it might not be as well.

The "bad guys" knew in medeaval times that if a direct assault did not work, if you can get someone to come out and take something from you (i.e. Troy) you have a greater success. They no longer have to lob dead animals over the walls at us. They set them outside our walls and let us know that they are providing them as food to us. Today's "bad guys" are adapting as well

This leads me to what Andy Willingham talks about in this blog post.

Just because we've always done it that way does not make it the best way to do it now. On a regular basis go back and reevaluate your policies and procedures. Ask questions that have not been asked before. Ask questions that have been asked before, you may be suprised that you get a different answer. Don't just accept "let me get back to you about that" as an answer.

The "bad guys" are willing to question the way things are done, hence how they find vulnerabilities. Take a page from their book. Look at your network from a different point of view. Rethink your network.

That's enough for me today.
Be safe

James

No comments: